We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Èròjà atẹ̀lélànà yii ni a ti fi pamọ́ fọ́jọ́ pípẹ́. Jọ̀wọ́ béèrè ìbéèrè titun bí o bá nílò ìrànwọ́.

I have one website that I can't connect with.It save error but it is a site I have visited many times but now can't. I can connect on Explorer but not Firefox.

more options

I get SEC_ERROR_OCSP_INVALID_ SIGNING_CERT. I have visited this site many times and this is the first time not getting on it. I can get enter this site using Explorer but not Firefox.

I get SEC_ERROR_OCSP_INVALID_ SIGNING_CERT. I have visited this site many times and this is the first time not getting on it. I can get enter this site using Explorer but not Firefox.

All Replies (1)

more options

You didn't mention the site, so I'll go with the headline news for now:

Did this just start about 6 hours ago? Firefox users have been getting OCSP errors on various major sites that use the Akamai Content Distribution Network.

As a temporary workaround, you can disable OCSP "stapling." With that change, instead of Firefox expecting sites to provide an OCSP certificate -- a verification that its certificate has not been revoked -- Firefox will query the service provider that signed the certificate. This is good for security but not the best arrangement for privacy, because the service provider knows a computer at your IP address is checking out that site. So after you finish using the site, you can switch the setting back.

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.

(2) In the search box above the list, type or paste ocsp and pause while the list is filtered

(3) Double-click the security.ssl.enable_ocsp_stapling preference to switch the value from true to false

Success?